HDBits Bitmetv exploit

**Sentient** · 02-23-2007, 09:33 PM

This appeared on the bitmetv front page today:

SECURITY RISK:
Another torrent site - HDBITS - has been using their own members accounts (WITHOUT THEIR PERMISSION) whom are also members here and running an exploit through those members accounts. If you have accounts on both sites (especially where your password may be the same as here) then we advise that you change your PASSWORD and PASSKEY to avoid you account ending up possibly disabled. We apologise for this but this message is in our own members best security intrests.

Regards,
//BitMeTV.org Staff

Anyone know anything more about it?

EDIT:

a bitmetv admin presented the following two lines of what is presumably an IRC log as "proof."

10.10.29 [user] THEN WHY THE F**K WAS MY PASSKEY BEING USED ON UR F**KING RSS FEED
10.10.29 » (Valerio) why do you care? it would've been unnoticible if i had moved the thing before i changed it :S

**RainRoofer** · 02-23-2007, 09:44 PM

wtf ? Is this true ?

**Sentient** · 02-23-2007, 09:50 PM

Beats me. We all know how paranoid bitmetv is. But either it's true or not, it'd be hard to just imagine it.

Sucks, Firon is an admin at HDBits. He's already had plenty of aspersions cast over him over utorrent; this won't help.

**Ne'tu** · 02-23-2007, 09:59 PM

They banned one of the HDBits admins. He got mad at them...

**Sentient** · 02-23-2007, 10:11 PM

Originally Posted by Ne'tu

They banned one of the HDBits admins. He got mad at them...

What was the exploit?

**Jaits** · 02-23-2007, 10:31 PM

i m sure it is true...

when i hacked them a while back, i read their staff forums, and they were fighting against that other hd tracker (bit-hdtv)... and they were downloading movies from there to post them on their own tracker and also planning on how to take them out... back then bit-hdtv had security vunreabilities so they didnt have to use their users passwords (and i dont recall seeing any table that logged them in clear text).. they just hacked them and logged in as them... its not hard though to modify the login script to store the plaintext password as well...

**EFS** · 02-23-2007, 11:17 PM

Originally Posted by Ne'tu

They banned one of the HDBits admins. He got mad at them...

Maybe THey will kill Him soon

**marksman** · 02-23-2007, 11:21 PM

Originally Posted by Jaits

i m sure it is true...

when i hacked them a while back, i read their staff forums, and they were fighting against that other hd tracker (bit-hdtv)... and they were downloading movies from there to post them on their own tracker and also planning on how to take them out... back then bit-hdtv had security vunreabilities so they didnt have to use their users passwords (and i dont recall seeing any table that logged them in clear text).. they just hacked them and logged in as them... its not hard though to modify the login script to store the plaintext password as well...

uhh!!..hacked them?